Community

Using SSL with JSON input

4046
2
Jump to solution
03-06-2015 11:11 AM
MarkCollins
by
Occasional Contributor
‎03-06-2015 11:11 AM

I'm trying to use SSL with the JSON input and running into some issues. The input fails to poll the data correctly and displays the following message:

Failed to get a response from https://mark-lenovo/WebServices.External.qa/externalapi.svc/getincidents/1C5F19F8-5341-417D-A45F-5DE....

My JSON service is using a self signed cert which I have installed in the Trusted root certificate authority in the windows certificate store. The certificate validates fine when browsing to the rest URL in IE. (Also tells me DNS and the service itself are working correctly)

This the error displayed in my Geoevent error log:

errlogz.png

Is there a special certificate authorization list for the JRE that geoevent uses? Does it use the windows certificate store at all? Is SSL event supported on the JSON input?

Thanks,

Mark

Tags (2)
0 Kudos
1 Solution

Accepted Solutions
MarkBramer
by
Occasional Contributor II
‎03-18-2015 07:58 AM

Hi Mark,

GeoEvent uses ArcGIS Server's JRE, so I'd think you'd want to add the cert to Server's cacerts located at: C:\Program Files\ArcGIS\Server\framework\runtime\jre\lib\security. 

Have you tried that?

Mark

View solution in original post

0 Kudos
2 Replies
MarkBramer
by
Occasional Contributor II
‎03-18-2015 07:58 AM

Hi Mark,

GeoEvent uses ArcGIS Server's JRE, so I'd think you'd want to add the cert to Server's cacerts located at: C:\Program Files\ArcGIS\Server\framework\runtime\jre\lib\security. 

Have you tried that?

Mark

0 Kudos
MarkCollins
by
Occasional Contributor
‎03-18-2015 09:19 AM

Mark,

Thanks! This was very helpful in pointing me in the right direction. I've tested it using the jre in this path and it seems to work fine. Here are the complete steps for importing a certificate into the cert store.

  1. Save a copy of the Certificate Authority ssl certificate to the < C:\Program Files\ArcGIS\Server\framework\runtime\jre\lib\security>.  This can be done by accessing one of your web pages via https in a browser and looking at the certificate information. Go to the details tab and click Copy to File. Export it to a DER encoded binary x.509 (.CER).
  2. Run the following command, including the double quotes, in the < C:\Program Files\ArcGIS\Server\framework\runtime\jre\lib\security> folder to import the Certificate Authority certificate to the cacerts file (in this example, the certificate is called esrica.cer):
    “C:\Program Files\ArcGIS\Server\framework\runtime\jre\bin\keytool” -import -trustcacerts -file esrica.cer> -alias esri_ca -keystore cacerts
    The password for this cacerts file is 'changeit'.  The alias parameter in the command can be anything and must be different for each certificate added to the store.
  3. Restart the GeoEvent processor service for the changes to take effect

-Mark

0 Kudos